I am an experienced cyber-security risk professional with more than 11 years of rich experience in organizations of varied scale across banking, consulting and technology. With experience across various lines of defense, I have an understanding of the working structure and functions of the different compliance functions within an organization.
Collaborative leader with a dedication to partnering with coworkers to promote an engaged, empowering work culture. Documented strengths in building and maintaining relationships with a diverse range of stakeholders in dynamic, fast-paced settings.
Achievements:
• Enabled the team to identify more than 200 current risk areas across Infrastructure, Applications, and Databases
• Provided guidance and support to engineering teams to achieve resolution of approximately 75% of key risk areas within a 12-month period, thereby reducing the overall risk profile by ~USD 50mn
• Defined and developed 5 Key Risk Indicators (KRIs) used by the Engineering teams towards managing risks within their functions
Key Responsibilities:
• Team Management – Managed a team of security professionals and contractors spread across multiple regions to perform cyber security risk reviews across the organization.
• Regulatory Risk Reviews – Review of controls within the organization to ensure compliance with SOx (Sarbanes Oxley), the Payments Security Directive (PSD2), the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA).
• Regulatory Risk Reviews – Review of payment controls across payment applications, databases, service-to-service authentication processes, and Kafka technologies.
• Subsidiaries Risk Management – Risk review of the security controls deployed by Uber's subsidiaries, understanding their regulatory / compliance landscape and accordingly suggesting controls to be deployed.
• Reviewed the following areas for their risks and controls:
o Cloud Security Reviews (AWS, GCP and Oracle Cloud)
o Network Security Reviews
o Endpoint Device Security Reviews
o Operating System and Container Security Reviews
o Database Security Reviews
o Business Continuity and Disaster Recovery Reviews
o SaaS Application Reviews
o Third Party Risk Reviews
• Risks Reporting - Created monthly reports for senior management summarizing operational and security performance metrics.
Achievements:
• Reviewed controls across 5 major COBIT processes and more than 70 payment applications
• Setup the Policy Management Office to review Technology and Information Security policies
• Established the first line oversight and credible challenge capability for Technology risks in India
Key Responsibilities:
• Risk Identification and Management - Identification of existing and emerging technology risks within the environment, perform risk assessments, and identify relevant controls for mitigation.
• Policy Management Office – Review of the policies and standards existing in the organization on a periodic basis and suggest improvements based on new or upcoming risks, and compliance with banking regulations based on existing technological practices and processes.
• Application Ecosystem Assessments - Assessment of controls across payment-related, wealth management, consumer lending, and asset management applications to validate control implementation and performance.
• Compliance Management - Understanding various compliance requirements provided by OCC, correlating the requirements to the COBIT 5 control activities, and establishing a framework of controls that need to be monitored continuously.
• Oversight and Credible Challenge - Established the framework for review of assessments performed by the first line of defense and provide credible challenge to approach / methodology used for assessments.
Achievements:
• Reduced the risk of Shadow IT from EUR 60mn to EUR 2.5mn in a period of 1 year
• Developed the framework for the execution of Strategic Technology Change initiatives
Key Responsibilities:
• Shadow IT Governance - Developed the framework for discovery, risk profiling, and mitigation of associated risks within the organization. Helped streamline the associated processes and reduce the overall risk exposure of the organization to Shadow IT.
• Technology Risk Reviews and Assessments – Performed technology reviews for multiple applications, processes, and infrastructure based on requirements from MAS, BaFin, and SOx, leading to strategic changes within the Technology Infrastructure.
Achievements:
• Executed multiple business control reviews across multiple ERP platforms
• Conducted more than 15 attestation projects for SSAE 16 / ISAE 3402 (SOC 1 and SOC 2) and 3 ISO 27001 implementations
• Led SOx control testing for 5 organizations for more than 20 control areas
Key Responsibilities:
• Statutory & Internal Audits - Managed and performed multiple SOx engagements, ITGC, and Application Controls assessments as part of Statutory & Internal Audits for clients.
• Information Security Policy Management – Periodic reviews of organizations' existing security policies to identify potential improvements, develop new security standards, and guide documents for organizations moving to the cloud.
• Business System Controls Review - Reviewed system-based controls in the Retail and Media/Entertainment industry to ensure the systems are aligned with the business requirements.
• Attestation Engagements and Certifications – Performed multiple attestation engagements for certifications (ISAE 3402/SSAE 16 Type 1 and Type 2). Also prepared organizations to achieve ISO 27001 certification based on the required controls defined in the standard.
Achievements:
• Performed risk assessments for 2 major energy sector clients across infrastructure and OS
• Developed 20 policies and procedures for security best practices compliant with banking and energy sector-based regulations
Key Responsibilities:
• Information Security Policies, Procedures, and Security Management Reports on ISO 27001 - Responsible for the development of Information Security policies, procedures, and security management reports based on ISO 27001 and COBIT for clients in the BFSI sector.
• Compliance Management – Enabled clients in the Energy and BFSI sectors to manage and ensure compliance with various requirements based on their regional regulatory requirements.
• Business Development - Extensively involved in business development activities like proposal development and showcasing the team's capabilities to Senior Leadership.
Key Responsibilities:
• Internal Audits: Performed Network Operations Audits for a client in the Telecommunications industry to align the client environment to Telecom Operations Management best practices as recommended by TRAI.
• Security & Configuration Reviews: Performed reviews at the Operating System (Windows, HP-UX, Solaris, and Linux) and network (Firewalls, HLRs, L3 Switches, etc.) levels.
CyberSecurity and Technology Risk Management
Compliance Management (SOx, ISO 27001, SSAE18)
Cybersecurity Architecture Reviews
On premise and Cloud Risk Management
Reviews based on Cyber Security Frameworks (NIST frameworks, CIS benchmarks)
Third Party Risk Management
• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• Cloud Computing Security Knowledge (CCSK)
• ISO 27001 LA - 2013
• COBIT Assessor 5.0